I. Background

Quote: "Avira AntiVir is a reliable free antivirus solution, that constantly and rapidly scans your computer for malicious programs such as viruses, Trojans, backdoor programs, hoaxes, worms, dialers etc. Monitors every action executed by the user or the operating system and reacts promptly when a malicious program is detected.

The protection experts have numerous company locations throughout Germany and cultivate partnerships in Europe, Asia and America. Avira has more than 180 employees at their main office in Tettnang near Lake Constance and is one of the largest employers in the region. There are around 250 people employed worldwide whose commitment is continually being confirmed by awards. A significant contribution to protection is the Avira AntiVir Personal which is being used by private users a million times over.

AV-Comparatives e.V. have chosen Avira AntiVir Premium as the best anti-virus solution of 2008"

II. Description

The parsing engine can be bypassed by a specially crafted and formatted CAB archive. Details are currently withheld because other vendors are in the process of deploying patches.

17/04/2009 : Avira replies that the problem is fixed in "AVPack >= 8.1.3.14 7.6.1.19"; changes have been made to the SDK in order to allow 3rd party AV vendors that use the engine to receive more details about the file.

18/04/2009 : Avira informs me that the patch is in production since the 17th of April. AV7 7.9.0.148 / AV8/9: 8.2.0.148

18/04/2009 : Ask for more details about the impact on gateway appliances

23/04/2009 : Avira states that the archive effectively evades the default configuration of Avira AntiVir MailGate and Avira AntiVir WebGate (prior to patch). Future evasions can be blocked by setting "BlockSuspiciousArchive" to yes; however, this is not enabled by default.